int
arp_rcv(struct sk_buff *skb, struct device *dev, struct packet_type *pt)
{
struct arp *arp;
struct arp_table *tbl;
int ret;
PRINTK ("<<\n");
arp = skb->h.arp;
print_arp(arp);
/* if this test doesn't pass, something fishy is going on. */
if (arp->hlen != dev->addr_len || dev->type !=NET16( arp->hrd))
{
free_skb(skb, FREE_READ);
return (0);
}
/* for now we will only deal with ip addresses. */
if (arp->pro != NET16(ARP_IP_PROT) || arp->plen != 4)
{
free_skb (skb, FREE_READ);
return (0);
}
/* now look up the ip address in the table. */
tbl = arp_lookup (*arp_sourcep(arp));
if (tbl != NULL)
{
memcpy (tbl->hard, arp+1, arp->hlen);
tbl->hlen = arp->hlen;
tbl->last_used = timer_seq;
}
if (!my_ip_addr(*arp_targetp(arp)))
{
free_skb (skb, FREE_READ);
return (0);
}
if (tbl == NULL)
create_arp (*arp_sourcep(arp), arp_sourceh(arp), arp->hlen);
/* now see if we can send anything. */
send_arp_q();
if (arp->op != NET16(ARP_REQUEST))
{
free_skb (skb, FREE_READ);
return (0);
}
/* now we need to create a new packet. */
ret = arp_response(arp, dev);
free_skb (skb, FREE_READ);
return (ret);
}
void do_rarp(void *p)
{
g.packet_rarp++;
if(g.print_flag_rarp)
{
printf("\n===================== rarp 头信息 =====================\n");
print_arp(p);
}
}
void do_arp( char * data )
{
global.packet_arp ++;
struct arphdr * parp;
parp = ( struct arphdr * ) data;
if( global.print_flag_arp ) {
printf("============= arp 头信息 ==============\n");
print_arp( parp );
}
}
void
arp_snd (unsigned long paddr, struct device *dev, unsigned long saddr)
{
struct sk_buff *skb;
struct arp *arp;
struct arp_table *apt;
int tmp;
PRINTK ("arp_snd (paddr=%X, dev=%X, saddr=%X)\n",paddr, dev, saddr);
/* first we build a dummy arp table entry. */
apt = create_arp (paddr, NULL, 0);
if (apt == NULL) return;
skb = arp_malloc (sizeof (*arp) + sizeof (*skb) + dev->hard_header_len +
2*dev->addr_len+8);
if (skb == NULL) return;
skb->sk = NULL;
skb->mem_addr = skb;
skb->mem_len = sizeof (*arp) + sizeof (*skb) + dev->hard_header_len +
2*dev->addr_len+8;
skb->arp = 1;
skb->dev = dev;
skb->len = sizeof (*arp) + dev->hard_header_len + 2*dev->addr_len+8;
skb->next = NULL;
tmp = dev->hard_header ((unsigned char *)(skb+1), dev,
ETHERTYPE_ARP, 0, saddr, skb->len);
if (tmp < 0)
{
arp_free (skb->mem_addr, skb->mem_len);
return;
}
arp =(struct arp *) ((unsigned char *)skb+sizeof (*skb) + tmp );
arp->hrd = net16(dev->type);
arp->pro = NET16(ARP_IP_PROT);
arp->hlen = dev->addr_len;
arp->plen = 4;
arp->op = NET16(ARP_REQUEST);
*arp_sourcep(arp) = saddr;
*arp_targetp(arp) = paddr;
memcpy (arp_sourceh(arp), dev->dev_addr, dev->addr_len);
memcpy (arp_targeth(arp), dev->broadcast, dev->addr_len);
PRINTK(">>\n");
print_arp(arp);
dev->queue_xmit (skb, dev, 0);
}
static int
arp_response (struct arp *arp1, struct device *dev)
{
struct arp *arp2;
struct sk_buff *skb;
int tmp;
/* get some mem and initialize it for the return trip. */
skb = arp_malloc (sizeof (*skb) + sizeof (*arp2) +
2*arp1->hlen + 2*arp1->plen + dev->hard_header_len);
if (skb == NULL) return (1);
skb->mem_addr = skb;
skb->mem_len = sizeof (*skb) + sizeof (*arp2) + 2*arp1->hlen +
2*arp1->plen + dev->hard_header_len;
skb->len = sizeof (*arp2) + 2*arp1->hlen +
2*arp1->plen + dev->hard_header_len;
tmp = dev->hard_header((unsigned char *)(skb+1), dev,
ETHERTYPE_ARP, *arp_sourcep(arp1),
*arp_targetp(arp1),skb->len);
if (tmp < 0) return (1);
arp2 =(struct arp *) ((unsigned char *)skb+sizeof (*skb) + tmp );
memcpy (arp2, arp1, sizeof (*arp2));
/* now swap the addresses. */
*arp_sourcep(arp2) = *arp_targetp(arp1);
memcpy(arp_sourceh(arp2), dev->dev_addr, arp1->hlen);
*arp_targetp(arp2) = *arp_sourcep(arp1);
memcpy(arp_targeth(arp2), arp_sourceh(arp1), arp1->hlen);
arp2->op = NET16(ARP_REPLY);
skb->free = 1;
skb->arp = 1; /* so the code will know it's not waiting on an arp. */
skb->sk = NULL;
skb->next = NULL;
PRINTK (">>");
print_arp(arp2);
/* send it. */
dev->queue_xmit (skb, dev, 0);
return (0);
}
void arp(pid_t pid) {
if (getuid() == 0)
firemon_drop_privs();
pid_read(pid);
// print processes
int i;
for (i = 0; i < MAX_PIDS; i++) {
if (pids[i].level == 1) {
pid_print_list(i, 0);
int child = find_child(i);
if (child != -1) {
char *fname;
if (!asprintf(&fname, "/proc/%d/net/arp", child) == -1)
errExit("asprintf");
print_arp(fname);
free(fname);
printf("\n");
}
}
}
}
int main(int argc,char **argv) {
pcap_t *pcap;
char pcapErr[PCAP_ERRBUF_SIZE], line[80] ;
char* title;
int datalink;
char timeDuration[MAX_BUF_SIZE];
char file_name[MAX_BUF_SIZE];
if (argc != 2) {
printf("Usage: ./wiretap file.pcap\n");
printf(" ./wiretap file.pcap > output.txt\n");
exit(1);
}
strcpy(file_name, argv[1]);
pcap = pcap_open_offline(file_name, pcapErr);
if (pcap == NULL) {
fprintf(stderr, "pcap_open_offline failed: %s\n", pcapErr);
exit(EXIT_FAILURE);
}
datalink = pcap_datalink(pcap);
if(datalink != Ethernet) {
printf("not Ethernet!\n");
exit(EXIT_FAILURE);
}
pcap_loop(pcap,-1,my_callback,NULL);
getTimeDiff(timeDuration);
print_summary(timebuffer, start_time, timeDuration);
printf("=== Link layer ===\n\n");
print("Source ethernet addresses", eth_src_addr, packets);
free_nodes(eth_src_addr);
print("Destination ethernet addresses", eth_dest_addr, packets);
free_nodes(eth_dest_addr);
printf("=== Network Layer ===\n\n");
print("Network layer protocols", net_layer, packets);
free_nodes(net_layer);
print("Source IP addresses", IP_src_addr, ip_packets);
free_nodes(IP_src_addr);
print("Destination IP addresses", IP_dest_addr, ip_packets);
free_nodes(IP_dest_addr);
print("TTLs",TTL_list, ip_packets);
free_nodes(TTL_list);
print_arp(arp_participants);
free_arp_nodes(arp_participants);
printf("=== Transport Layer ===\n\n");
print("Transport Layer protocols", transLayer, ip_packets);
free_nodes(transLayer);
printf("=== Transport Layer: TCP ===\n\n");
print("Source TCP ports", TCP_src_ports, TCP_packets);
free_nodes(TCP_src_ports);
print("Destination TCP ports", TCP_dest_ports, TCP_packets);
free_nodes(TCP_dest_ports);
print("TCP flags", TCP_flags, TCP_packets);
free_nodes(TCP_flags);
print("TCP options", TCP_options, TCP_packets);
free_nodes(TCP_options);
printf("=== Transport Layer: UDP ===\n\n");
print("Source UDP ports", UDP_src_ports, UDP_packets);
free_nodes(UDP_src_ports);
print("Destination UDP ports", UDP_dest_ports, UDP_packets);
free_nodes(UDP_dest_ports);
printf("=== Transport Layer: ICMP ===\n\n");
print("Source IPs for ICMP", ICMP_src_IP, ICMP_packets);
free_nodes(ICMP_src_IP);
print("Destination IPs for ICMP", ICMP_dest_IP, ICMP_packets);
free_nodes(ICMP_dest_IP);
print("ICMP types", ICMP_TYPE, ICMP_packets);
free_nodes(ICMP_TYPE);
print("ICMP codes", ICMP_CODE, ICMP_packets);
free_nodes(ICMP_CODE);
print("ICMP responses", ICMP_RESPONSE, ICMP_packets);
free_nodes(ICMP_RESPONSE);
pcap_close(pcap);
}
/* for local debug */
void ofp_print_packet_buffer(const char *comment, uint8_t *p)
{
static int first = 1;
FILE *f;
struct ofp_ip *ip;
uint16_t proto;
char *g;
/*
* Filter "noise"
*/
#if 0
if (p[12] == 0x00 && p[13] == 0x27)
return;
if (p[12] == 0x01 && p[13] == 0x98)
return;
#endif
if (first) {
f = fopen(DEFAULT_DEBUG_TXT_FILE_NAME, "w");
fclose(f);
first = 0;
}
f = fopen(DEFAULT_DEBUG_TXT_FILE_NAME, "a");
if (!f)
return;
static struct timeval tv0;
struct timeval tv;
gettimeofday(&tv, NULL);
if (tv0.tv_sec == 0)
tv0 = tv;
int ms = (tv.tv_sec*1000+tv.tv_usec/1000) -
(tv0.tv_sec*1000+tv0.tv_usec/1000);
ofp_printf(f, "\n*************\n");
ofp_printf(f, "[%d] %s: %d.%03d\n", odp_cpu_id(), comment,
ms/1000, ms%1000);
ofp_printf(f, "%s ->%s\n ", ofp_print_mac(p+6), ofp_print_mac(p));
if (p[12] == 0x81 && p[13] == 0x00) {
ofp_printf(f, "VLAN %d ", (p[14]<<8)|p[15]);
p += 4;
}
if (p[12] == 0x88 && p[13] == 0x47) {
uint8_t *label = p+14;
int i;
ofp_printf(f, "MPLS ");
while (1) {
ofp_printf(f, "[label=%d ttl=%d] ",
label[0]*16*256 + label[1]*16 + label[2]/16,
label[3]);
if (label[2] & 1)
break;
label += 4;
}
if ((label[4] & 0xf0) == 0x40) {
label[2] = 0x08; /* ipv4 */
label[3] = 0x00;
} else {
label[2] = 0x86; /* ipv6 */
label[3] = 0xdd;
}
label++;
for (i = 0; i < 12; i++)
*label-- = p[11 - i];
p = label+1;
}
if (p[12] == 0x08 && p[13] == 0x06) {
print_arp(f, (char *)(p + L2_HEADER_NO_VLAN_SIZE));
} else if (p[12] == 0x86 && p[13] == 0xdd) {
print_ipv6(f, (char *)(p + L2_HEADER_NO_VLAN_SIZE));
} else if (p[12] == 0x08 && p[13] == 0x00) {
ip = (struct ofp_ip *)(p + L2_HEADER_NO_VLAN_SIZE);
if (ip->ip_p == 47) { /* GRE */
g = ((char *)ip) + (ip->ip_hl << 2);
g += print_gre(f, g, &proto);
if (proto == 0x0800)
print_ipv4(f, g);
else if (proto == 0x86dd)
print_ipv6(f, g);
} else
print_ipv4(f, (char *)(p + L2_HEADER_NO_VLAN_SIZE));
} else {
ofp_printf(f, "UNKNOWN ETH PACKET TYPE 0x%02x%02x ",
p[12], p[13]);
}
ofp_printf(f, "\n");
fclose(f);
fflush(stdout);
}
void ifget(int sockfd, enum mode mode, char *name)
{
char *buf,*ptr,*colon;
int len;
int l;
struct ifreq *ifr;
struct sockaddr_in *sa_in, *sin;
#ifdef HAVE_arpreq
struct arpreq arpreq;
#endif
#ifndef USE_IFALIAS
int cnt = 0;
#endif
buf = getifreq(sockfd, &len);
for(ptr=buf;ptr < buf+len;)
{
ifr=(struct ifreq *)ptr;
if (mode == IP)
{
sa_in=(struct sockaddr_in *)&ifr->ifr_addr;
if(strncmp(name,inet_ntoa(sa_in->sin_addr), IFNAMSIZ) == 0)
printf("%s\n",ifr->ifr_name);
#ifdef DEBUG
fprintf(stderr, "%s %s %s\n", name, inet_ntoa(sa_in->sin_addr), ifr->ifr_name);
#endif
}
else if (mode == IF)
{
/* This is rather questionable on linux and solaris */
/* It will probably go in later versions */
/* We return names of devices which are aliased. */
/* Under BSD this makes no sense so we fake it */
/* Note: the numbers under BSD are just placeholders */
#ifdef USE_IFALIAS
if((colon=memchr(ifr->ifr_name,':',strlen(ifr->ifr_name))) != NULL)
{
*colon='\0';
if(strncmp(name,ifr->ifr_name, IFNAMSIZ) == 0)
printf("%s\n",++colon);
}
#else
if(strncmp(name,ifr->ifr_name, IFNAMSIZ) == 0)
{
sa_in=(struct sockaddr_in *)&ifr->ifr_addr;
if (sa_in->sin_family == AF_INET)
{
if (cnt > 0)
{
printf("%d\n", cnt);
}
cnt++;
}
}
#endif
#ifdef DEBUG
fprintf(stderr, "%s %s\n", name, ifr->ifr_name);
#endif
}
else if (mode == HW)
{
if(strncmp(name,ifr->ifr_name, IFNAMSIZ) == 0)
{
#ifdef HAVE_sockaddr_dl
print_arp(LLADDR((struct sockaddr_dl *) &ifr->ifr_addr));
#elif defined(HAVE_SIOCGIFHWADDR)
if(ioctl(sockfd,SIOCGIFHWADDR,ifr) == 0)
{
print_arp(ifr->ifr_hwaddr.sa_data);
}
#elif defined(HAVE_arpreq)
memset(&arpreq, 0, sizeof(arpreq));
sin = ((struct sockaddr_in *) &arpreq.arp_pa);
memset(sin, 0, sizeof(*sin));
sa_in=(struct sockaddr_in *)&ifr->ifr_addr;
memcpy(&sin->sin_addr, &sa_in->sin_addr, sizeof(struct in_addr));
if(ioctl(sockfd,SIOCGARP,&arpreq) == 0)
{
print_arp(arpreq.arp_ha.sa_data);
}
#else
# error "Unable to work out hardware address"
#endif
break;
}
}
else
{
error(3, "Invalid mode");
}
#ifdef SA_LEN_IN_SOCKADDR
l = ifr->ifr_addr.sa_len + sizeof(ifr->ifr_name);
if (l < sizeof(*ifr))
l = sizeof(*ifr);
#else
l = sizeof(ifr->ifr_name)+sizeof(struct sockaddr);
#endif
ptr+=l;
}
free(buf);
}
